The holiday season is here, and organizations are facing an increased risk of cyberthreats with a notable focus on the activities of access brokers. These threat actors specialize in gaining and selling unauthorized access to organization accounts by orchestrating social engineering campaigns and exploiting seasonal vulnerabilities. There has been a significant surge in access broker activity, especially towards the end of the year. Cybercriminals are capitalizing on the distracted workforce, reduced staff, and operational changes that are typical during the holiday season. This Cybersecurity Threat Advisory includes Barracuda MSP recommendations for organizations to proactively understand their attack surface, prioritize identity protection, strengthen cloud defenses, know their adversaries, and practice essential cybersecurity hygiene regularly.

What is the threat?

During the holiday season, cyberthreats intensify, with increased online activities and vulnerabilities. Ransomware, constituting nearly 25 percent of malicious attacks in 2023 with average costs exceeding $5 million, strategically exploits the holiday period, taking advantage of limited IT support for impactful network exploitation and ransomware propagation.

Access brokers are a notable threat during this season: they actively participate in sophisticated social engineering campaigns, exploit vulnerabilities, and orchestrate well-crafted attacks. Phishing escalates, with a surge in promotional emails that mimic seasonal content, such as order and tracking emails, charity requests, and holiday event messages. Spear-phishing campaigns see a notable uptick as well, boasting an average click-through rate of 11 percent.

Concurrently, Distributed Denial of Service (DDoS) attacks proliferate, with approximately 7.9 million incidents recorded globally in the first half of 2023, marking a 31 percent increase from the previous year. These attacks strategically target eCommerce businesses and financial institutions during holiday peaks, aiming to disrupt operations in industries experiencing a surge in internet traffic.

Why is it noteworthy?

The holiday season introduces a significant shift in business operations, with many companies operating with a skeleton crew, making them susceptible to cyber threats. Notably, access brokers, who facilitate cybercrime by gaining and selling access to organizations, exhibit heightened activity during this period. CrowdStrike reports a 147 percent increase in access broker advertisements from July 2022 to June 2023, emphasizing their pivotal role in the eCrime ecosystem. Access brokers establish relationships with ransomware operators, capitalizing on the holiday season’s chaos to breach organizations, sell access to adversaries, and support ransomware campaigns. These threat actors strategically target organizations in retail, hospitality, and travel sectors, taking advantage of a weakened security posture during busy seasons. Access brokers’ adaptability, organizational structure, and exploitation tactics make them a formidable opponent, requiring organizations to better comprehend their strategies and bolster cybersecurity defenses to navigate the increased risks posed during the holiday season.

What is the exposure or risk?

A heightened risk emerges for both organizations and individual users engaging in online activities. Cyber threat actors, employing advanced social engineering and phishing tactics, particularly target users in the consumer goods sector during the holiday season. The tactics include SMS phishing, deceptive websites, and exploiting multifactor authentication fatigue, putting personal credentials and financial information at risk. This not only poses a threat to organizational security but also endangers regular users, emphasizing the importance of vigilance, strong security practices, and increased caution during online transactions to mitigate these potential risks and safeguard personal information and financial assets.

What are the recommendations?

Barracuda MSP recommends the following actions to limit the impact of a holiday cyberattack:

  • Implement Multi-Factor Authentication and Strong Passwords:
    • Ensure robust protection by implementing multi-factor authentication for remote access and administrative accounts.
    • Mandate strong, unique passwords to prevent unauthorized access, emphasizing the importance of not reusing passwords across multiple accounts.
  • Enhance Security Awareness and Monitoring:
    • Conduct regular employee training to raise awareness about phishing threats and the importance of not clicking on suspicious links.
    • Monitor potentially risky services like remote desktop protocol (RDP) to ensure secure usage and timely detection of any anomalies.
  • Proactive Measures and Incident Response:
    • Prioritize identity protection by enforcing MFA and assessing unusual network behavior promptly.
    • Update incident response and communication plans.
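
As an added example (not Barracuda MSP's own code), the sketch below shows one way to act on the RDP-monitoring and MFA recommendations above: it flags an MFA approval that follows a burst of denied pushes, and RDP logons on holidays, weekends, or outside business hours. The event names, tuple layout, thresholds, and holiday calendar are assumptions to be mapped onto your identity provider and Windows logon logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, date

# Constructed sample events (timestamp, user, event type, source IP); not real log data.
EVENTS = [
    ("2023-12-25T02:10:00", "jsmith", "mfa_denied", "203.0.113.7"),
    ("2023-12-25T02:11:00", "jsmith", "mfa_denied", "203.0.113.7"),
    ("2023-12-25T02:12:30", "jsmith", "mfa_denied", "203.0.113.7"),
    ("2023-12-25T02:13:10", "jsmith", "mfa_denied", "203.0.113.7"),
    ("2023-12-25T02:14:00", "jsmith", "mfa_approved", "203.0.113.7"),
    ("2023-12-25T02:20:00", "jsmith", "rdp_logon", "203.0.113.7"),
    ("2023-12-20T10:05:00", "akhan", "mfa_denied", "198.51.100.4"),
    ("2023-12-20T10:06:00", "akhan", "mfa_approved", "198.51.100.4"),
    ("2023-12-20T10:07:00", "akhan", "rdp_logon", "198.51.100.4"),
]
HOLIDAYS = {date(2023, 12, 25), date(2024, 1, 1)}  # assumed company calendar

def mfa_fatigue(events, threshold=4, window=timedelta(minutes=10)):
    """Flag approvals that follow >= threshold denied pushes inside the window."""
    recent, alerts = defaultdict(deque), []
    for ts, user, kind, src in sorted(events):  # ISO timestamps sort chronologically
        t = datetime.fromisoformat(ts)
        q = recent[user]
        while q and t - q[0] > window:  # drop denials older than the window
            q.popleft()
        if kind == "mfa_denied":
            q.append(t)
        elif kind == "mfa_approved":
            if len(q) >= threshold:
                alerts.append((user, ts, len(q), src))
            q.clear()
    return alerts

def offhours_rdp(events, holidays=HOLIDAYS, start=8, end=18):
    """Flag RDP logons on holidays, weekends, or outside business hours."""
    alerts = []
    for ts, user, kind, src in events:
        t = datetime.fromisoformat(ts)
        if kind != "rdp_logon":
            continue
        if t.date() in holidays or t.weekday() >= 5 or not start <= t.hour < end:
            alerts.append((user, ts, src))
    return alerts

if __name__ == "__main__":
    print(mfa_fatigue(EVENTS))
    print(offhours_rdp(EVENTS))
```

An account that appears in both result lists within a short interval is a strong candidate for immediate session revocation and credential reset under the incident response plan.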

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.


Posted by Anika Jishan

Anika is a Cybersecurity Analyst at Barracuda MSP. She's a security expert, working on our Blue Team within our Security Operations Center. Anika supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.

13 Comments

  1. Very good info here

  2. Critically important to remind clients about the increase in risks around the holidays. And with frequently extended time off at this time of year, the threat actors will capitalize on this. Also, don’t forget to keep the SAT campaign running during the Holidays – training should be persistent!

  3. I cannot agree more, as we get closer to the holiday break there are fewer people and people are in a rush to get stuff done. Clearly not everyone is checking on content as closely or is 100% familiar with all the interactions of those that are away, so the risk of falling victim increases.

  4. Very informative article and very timely. Thank you for sharing!

  5. Valuable article, thank you for sharing.

  6. I’m now hearing radio ads for things like this. It’s nice to know that public announcers are helping spread the word about items such as mentioned in this article. The more warnings, the better. Great article.

  7. This article is definitely a good reminder to be more aware and not let your guards down.

  8. Very informative article. Great tips.

  9. This article is definitely a good reminder to be more aware and not let your guard down.

  10. Etienne Vander Elst December 18, 2023 at 2:46 am

    Sad times when the period you should be enjoying your time is also the time you should be worried and prepared for the worst in IT.

    Yet it is true and a good reminder there by SmarterMSP.

  11. Thanks for the interesting article.

  12. Stay safe this holiday season.

  13. Good info and timely reminder. Thank you.
